Page 186 / 224 Scroll up to view Page 181 - 185
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
G-2
NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328
December 2003, M-10041-01
Figure G-1:
Addressing and Subnet Used for Examples
Using DDNS and Fully Qualified Domain Names (FQDN)
Many ISPs (Internet Service Providers) provide connectivity to their customers using dynamic
instead of static IP addressing. This means that a user’s IP address does not remain constant over
time, which presents a challenge for gateways attempting to establish VPN connectivity.
A Dynamic DNS (DDNS) service allows a user whose public IP address is dynamically assigned
to be located by a host or domain name. It provides a central public database where information
(such as email addresses, host names and IP addresses) can be stored and retrieved. Now, a
gateway can be configured to use a 3
rd
party service in lieu of a permanent and unchanging IP
address to establish bi-directional VPN connectivity.
To use DDNS, you must register with a DDNS service provider. Example DDNS Service
Providers include:
Table G-1.
Example DDNS Service Providers
In this example, Gateway A is configured using an example FQDN provided by a DDNS Service
provider. In this case we established the hostname
netgear.dyndns.org
for Gateway A using the
DynDNS
www.dyndns.org
TZO.com
netgear.tzo.com
ngDDNS
ngddns.iego.net
Gateway A
22.23.24.25
FQDN
netgear.dydns.org
10.5.6.0/24
172.23.9.0/24
172.23.9.1
10.5.6.1
WAN IP
WAN IP
LAN IP
LAN IP
Gateway B
VPNC Example
Network Interface Addressing
Page 187 / 224
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328
G-3
December 2003, M-10041-01
DynDNS service. Gateway B will use the DDNS Service Provider when establishing a VPN
tunnel.
In order to establish VPN connectivity Gateway A must be configured to use Dynamic DNS, and
Gateway B must be configured to use a DNS hostname to find Gateway A provided by a DDNS
Service Provider. Again, the following step-by-step procedures assume that you have already
registered with a DDNS Service Provider and have the configuration information necessary to set
up the gateways.
Step-By-Step Configuration of FVS318 or FVM318 Gateway A
1.
Log in to the FVS318 or FVM318 labeled Gateway A as in the illustration.
Out of the box, the FVS318 or FVM318 is set for its default LAN address of
http://
192.168.0.1
with its default user name of
admin
and default password of
password
. For this
example we will assume you have set the local LAN address as 10.5.6.1 for Gateway A and
have set your own password.
2.
Click the Dynamic DNS link on the left side of the Settings management GUI.
3.
Access the Web site of one of the dynamic DNS service providers whose names appear in the
‘Use a dynamic DNS service’ list, and register for an account.
For example, for dyndns.org, click the link or go to www.dyndns.org.
Figure G-2:
Dynamic DNS Setup menu
Page 188 / 224
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
G-4
NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328
December 2003, M-10041-01
4.
Select the Use a dynamic DNS service radio button for the service you are using. In this
example we are using www.DynDNS.org as the service provider.
Type the Host Name that your dynamic DNS service provider gave you.
The dynamic DNS service provider may call this the domain name. In this example we are
using dyndns.org as the domain suffix.
Type the User Name for your dynamic DNS account. In this example we used netgear as
the Host Name. This means that the complete FQDN we are using is netgear.dyndns.org
and the Host Name is “netgear.”
Type the Password (or key) for your dynamic DNS account.
5.
Click Apply to save your configuration.
6.
Click on the VPN Settings link on the left side of the Settings management GUI.
Figure G-3:
NETGEAR FVS318 VPN Settings Pre-Configuration
7.
Click the VPN Settings link on the left side of the Settings management GUI. Click the radio
button of first available VPN leg (all 8 links are available in the example). Click the Edit
button below. This will take you to the VPN Settings – Main Mode Menu.
Note:
The router supports only basic DDNS and the login and password may not be
secure. If your ISP assigns a private WAN IP address such as 192.168.x.x or 10.x.x.x,
the dynamic DNS service will not work because private addresses will not be routed on
the Internet.
Page 189 / 224
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328
G-5
December 2003, M-10041-01
Figure G-4:
NETGEAR FVS318 VPN Settings (part 1) – Main Mode
In the Connection Name box, enter in a unique name for the VPN tunnel to be configured
between the NETGEAR devices. For this example we have used
toFVS328
.
Enter a Local IPSec Identifier
name for the NETGEAR FVS318 Gateway A. This name
must be entered in the other endpoint as Remote IPSec Identifier. In this example we used
netgear.dyndns.org
(the FQDN) as the local identifier.
Enter a Remote IPSec Identifier
name for the remote NETGEAR FVS328 Gateway B.
This name must be entered in the other endpoint as Local IPSec Identifier. In this example
we used
22.23.24.25
as the remote identifier.
Choose a subnet from local address from the Tunnel can be accessed from pull-down
menu.
Type the starting LAN IP Address of Gateway A (
10.5.6.1
in our example) in the Local IP
Local LAN start IP Address field.
Type the finishing LAN IP Address of Gateway A (
0.0.0.0
in our example) in the Local IP
Local LAN finish IP Address field.
Type the LAN Subnet Mask of Gateway A (
255.255.255.0
in our example) in the
Local
LAN IP Subnetmask field.
Choose a subnet from local address from the Tunnel can access
pull-down menu.
Type the starting LAN IP Address of Gateway B (
172.23.9.1
in our example) in the Local
IP Remote LAN Start IP Address field.
Page 190 / 224
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
G-6
NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328
December 2003, M-10041-01
Type the finishing LAN IP Address of Gateway B (
0.0.0.0
in our example) in the Local IP
Remote LAN Finish IP Address field.
Type the LAN Subnet Mask of Gateway B (
255.255.255.0
in our example) in the Remote
LAN IP Subnetmask field.
Type the WAN IP address (
22.23.24.25
in our example) of Gateway B in the Remote
WAN IP or FQDN field.
Figure G-5:
Figure 4 – NETGEAR FVS318 VPN Settings (part 2) – Main Mode
From the Secure Association drop-down box, select Main Mode.
Next to Perfect Forward Secrecy, select the Enabled radio button.
From the Encryption Protocol drop-down box, select 3DES.
In the PreShared Key box, type a unique text string to be used as the shared key between
Gateway A and Gateway B.
In this example we used
hr5xb84l6aa9r6
. You must make
sure the key is the same for both gateways.
In the Key Life box, enter in 3600 seconds.
In the IKE Life Time, enter 28800 seconds.
Check the
NETBIOS Enable box if you wish to pass NetBIOS traffic over the VPN
tunnel, allowing functions such as Microsoft Network Neighborhood browsing.
8.
Click the Apply button in the lower center of the screen to save all changes and return to the
VPN Settings screen.
9.
When the screen returns to the VPN Settings, make sure the Enable check box is selected.

Rate

3.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top